CVE-2025-6387: 
WordPress vulnerability analysis and mitigation

The WP Get The Table plugin for WordPress contains a Stored Cross-Site Scripting vulnerability (CVE-2025-6387) affecting all versions up to and including 1.5. The vulnerability was disclosed on July 24, 2025, and impacts the plugin's handling of the 'url' parameter (NVD CVE).

The vulnerability stems from insufficient input sanitization and output escaping of the 'url' parameter in the WP Get The Table plugin. This security flaw has been assigned a CVSS v3.1 base score of 6.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (NVD CVE).

The vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page, potentially compromising user data and website security (NVD CVE).

The plugin has been temporarily closed as of July 22, 2025, pending a full security review. Users are advised to disable the plugin until a patched version becomes available (WordPress Plugin).